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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions and listings of claims in the application: 
Listing of Claims 

1-5. (Canceled) 

6. (Currently Amended) The method according to claim 26. further 
comprising, defining in the sw i tchoo each switch in a WLAN access network, one uplink 
VI^N for each Access Point (AP) or for oach of ono or moro groupo of APs, said uplink 
VLANs, each uplink VLAN for carrying uplink traffic from th e APc an associated AP and 
the hosts connected to the APs associated AP to the access route r, wherein the uplink 
VLAN Is extended to incorporate the a ssociated AP to prevent hosts connected to tha 
associated AP from communicating d irectly with each other through the associated AP . 

7. (Canceled) 

8. (Cun^ently Amended) The method according to claim 7 claim 6 . 
further comprising: 

providing in the switches, VLAN tags for the frames sent from the hosts to the 
access router; and 

configuring the access router to be VLAN aware. 

9. (Canceled) 

1 0. (Cun^ently Amended) The method according to claim 26, further 
comprising, retrieving by the access router, address mapping information for the hosts 
during the uoor auser authentication procedure. 
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1 1 . (Currently Amended) The method according to claim 26, further 
comprising, retrieving by the access router, address mapping infomiation for the hosts 
during tho IP an IP allocation procedure. 

1 2. (Previously Presented) The method according to claim 26, further 
comprising, providing more than one access router in the access network, the VI_ANs 
being configured such that the access routers belong to the same VLANs. 

13-17. (Canceled) 

18. (Currently Amended) The system according to claim 27, wherein the 
at least one switch is in a WU\N access network, and includes means for configuring 
one uplink VLAN for each Access Point (AP) or for oach of ono or moro groupo of APc. 
said uplink VLANo. each uplink VLAN for carrying uplink traffic from tho APo an 
associated AP to the access route r, wherein the unlink VLAN is extended to incorporate 
the associated AP t o prevent hosts connected to the associated AP from 
communicating direc tiv with each other through the associated AP . 

1 9. (Previously Presented) The system according to claim 1 8. wherein the 
access router is VLAN aware, and the at least one switch Includes means for providing 
VLAN tags for the frames sent from the hosts to the access router. 

20. (Canceled) 

21 . (Previously Presented) The system according to claim 27. wherein the 
access router includes means for retrieving address mapping information for the hosts 
during a user authentication procedure. 

22. (Previously Presented) The system according to claim 27. wherein the 
access router includes means for retrieving address mapping information for the hosts 
during an IP allocation procedure. 
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23. (Previously Presented) The system according to claim 27, wherein 
more than one access router is provided in the system, and the at least one switch 
includes means for configuring the VLANs such that the access routers belong to the 
same VLANs. 

24-25. (Canceled) 

26. (Currently Amended) A method in an access network for forcing a 
plurality of hosts connected to the access network to communicate through the access 
network rather than directly with each other, said access network comprising an access 
router and one or more switches, wherein the hosts are in communication contact with 
the access router via the switches, said method comprising the steps of: 

configuring in each switch, at least one port-based uplink Virtual Local Area 
Notworko fVLANo) in th e switches Network (VLAN) for carrvlna uplink traffic to the 
access router, wherein each uplink VLAN is dedicated to a single host, and each host is 
associated with a different switch port of the switch : 

defining in the switches, one asymmetric downlink VLAN, said downlink VLAN for 
carrying downlink traffic from the access router to the plurality of hosts, said downlink 
VLAN being common to all of the hosts connected to the access network; 

configuring the VLANs such that the hosts connected to the access network 
belong to the same IP subnet; and 

forcing the switches to route traffic from th e hosts a first host to a second host in 
the same IP subnet through the access n e twork router , said forcing step comprising: 

th e VLANs forcing th e sw i tches to route up li nk traffic from tho hosts to th e 
acc e ss rout e r; 

configuring the access router as an as a modified Address Resolution 
Protocol (ARP) prox v, wherein when the access router receives an ARP reouest from 
the first host requesting the MAC address of the second host, the access router returns 
to the first host, the MAC address of the access router : and 
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subsequently foiwarrlina bv th. .oo^co . ^ uter. p^nk^te ro^jyed f^n. th» 
first host to the sennnri hr>ct 



27. (Currently Amended) A system for forcing a plurality of hosts 
connected to an access network to communicate with each other through the access 
network rather than directly with each other, said system comprising: 

an access router for providing the hosts with access to the access network; and 
at least one intermediate switch connected between the hosts and the access 
router, said at least one switch comprising: 

m en nc for configurin g Virtual Local /\roa Motworko Q^ l mv). whoroin i li u 
moano for configur i ng VLANc includoG . 

means for configuring In the switch at least on^ p nrt.hoooH ..^.i^f. virtual 
""'^^ Network (VI AN) for carrvinn ..n.in. ^ the .rr^.. r..... 
upLnk VLAN is dedicated to a sinnle host, and ..nh hn.t associated with . m-^^.^^. 
switch port of the switrh ; 

means for configuring n nn n f tho VLANo jo di i a sinole asymmetric 
downlink VLAN for carrying downlink traffic from the access router to the hosts wherein 
the downlink VLAN is common to all of the hosts connected to the access network; and 

means for configuring the VLANs such that all of the hosts belong to the 
same IP subnet; 

mo ii ncforconfigu r i ny wherein the access router to porfomi ao an includes a 

modified Address Resolution Protocol lARPl proxy agent, wherein wh»n th^ o 

router receives an ARP request from a first hn«t r^^ . .ostina fh^ MAr .MMr^.. ^ 
second host in the same IP subnet the acc^^... m..ter returns tn th^ firct host, th^ MAr^ 
address of the acc6.«tR muter ; and 




t o r o nto traffic from tho hocto throu g h th n n ccooo rou l or and th n nccoGG n ulwu i K 

means for suhseqnentiv fon^rnrdinn hv th ^s router n^.i^ot. .o...-„^w ..^^ 

the first host to the second host 
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28. (New) A method in an access network for forcing a plurality of hosts 
connected to the access network to communicate through the access network rather 
than directly with each other, said access network comprising an access router and one 
or more switches, wherein the hosts are in communication contact with the access 
router via the switches, said method comprising the steps of: 

configuring in each switch, at least one port-based Virtual Local Area Networi< 
(s/LAN) for carrying both uplink traffic and downlink unicast traffic between the access 
router and individual hosts connected to the switch, wherein each VLAN Is dedicated to 
a single host, and each host is associated with a different switch port of the switch; 

configuring the VLANs such that the hosts connected to the access network 
belong to the same IP subnet; 

configuring the access router as a modified Address Resolution Protocol (ARP) 
proxy, wherein when the access router receives an ARP request from a first host 
requesting the MAC address of a second host In the same IP subnet, the access router 
retums to the first host, the MAC address of the access router; and 

subsequently fonAfarding by the access router, packets received from the first 
host to the second host. 



29. (New) A system for forcing a plurality of hosts connected to an access 
network to communicate with each other through the access network rather than directly 
with each other, said system comprising: 

an access router for providing the hosts with access to the access networic; and 

at least one intermediate switch connected between the hosts and the access 
router, said at least one switch comprising: 

means for configuring In the switch, at least one port-based Virtual Local Area 
Network (VLAN) for carrying both uplink traffic and downlink unicast traffic between the 
access router and individual hosts connected to the switch, wherein each VLAN Is 
dedicated to a single host, and each host is associated with a different switch port of the 
switch; 
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means for configuring the VLANs such that all of the hosts belong to the same IP 
subnet; 

wherein the access router includes a modified Address Resolution Protocol 
(ARP) proxy agent, wherein when the access router receives an ARP request from a 
first host requesting the MAC address of a second host in the same IP subnet, the 
access router returns to the first host, the MAC address of the access router; and 

means for subsequently fonvarding by the access router, packets received from 
the first host to the second host. 
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